wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

OPENSSL_NO_xxx cleanup: RFC3779

Browse source 
Remove OPENSSL_NO_RFCF3779.

Also, makevms.com was ignored by some of the other cleanups, so
I caught it up.  Sorry I ignored you, poor little VMS...

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Rich Salz 2015-01-27 10:19:14 -05:00
parent a00ae6c46e
commit c73ad69017
10 changed files with 20 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
crypto/asn1/x_x509.c
View file

@ -95,10 +95,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
ret->ex_pathlen = -1;
ret->skid = NULL;
ret->akid = NULL;
#ifndef OPENSSL_NO_RFC3779
ret->rfc3779_addr = NULL;
ret->rfc3779_asid = NULL;
#endif
ret->aux = NULL;
ret->crldp = NULL;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
@ -119,10 +117,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
policy_cache_free(ret->policy_cache);
GENERAL_NAMES_free(ret->altname);
NAME_CONSTRAINTS_free(ret->nc);
#ifndef OPENSSL_NO_RFC3779
sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
ASIdentifiers_free(ret->rfc3779_asid);
#endif
if (ret->name != NULL)
OPENSSL_free(ret->name);

2
crypto/x509/x509.h
View file

@ -278,10 +278,8 @@ struct x509_st {
STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc;
# ifndef OPENSSL_NO_RFC3779
STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;
# endif
# ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
# endif

2
crypto/x509/x509_vfy.c
View file

@ -439,7 +439,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (!ok)
goto end;
#ifndef OPENSSL_NO_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
if (!ok)
@ -447,7 +446,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
ok = v3_addr_validate_path(ctx);
if (!ok)
goto end;
#endif
/* If we get this far evaluate policies */
if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))

2
crypto/x509v3/ext_dat.h
View file

@ -103,10 +103,8 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
#endif
&v3_sxnet,
&v3_info,
#ifndef OPENSSL_NO_RFC3779
&v3_addr,
&v3_asid,
#endif
#ifndef OPENSSL_NO_OCSP
&v3_ocsp_nonce,
&v3_ocsp_crlid,

11
crypto/x509v3/v3_addr.c
View file

@ -69,7 +69,6 @@
#include <openssl/buffer.h>
#include <openssl/x509v3.h>
#ifndef OPENSSL_NO_RFC3779
/*
* OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
@ -108,7 +107,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
/*
* How much buffer space do we need for a raw address?
*/
# define ADDR_RAW_BUF_LEN 16
#define ADDR_RAW_BUF_LEN 16
/*
* What's the address length associated with this AFI?
@ -163,7 +162,7 @@ static int addr_expand(unsigned char *addr,
/*
* Extract the prefix length from a bitstring.
*/
# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
/*
* i2r handler for one address bitstring.
@ -1195,7 +1194,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
/*
* Validation error handling via callback.
*/
# define validation_err(_err_) \
#define validation_err(_err_) \
do { \
if (ctx != NULL) { \
ctx->error = _err_; \
@ -1315,7 +1314,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
return ret;
}
# undef validation_err
#undef validation_err
/*
* RFC 3779 2.3 path validation -- called from X509_verify_cert().
@ -1340,5 +1339,3 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
return 0;
return v3_addr_validate_path_internal(NULL, chain, ext);
}
#endif /* OPENSSL_NO_RFC3779 */

7
crypto/x509v3/v3_asid.c
View file

@ -69,7 +69,6 @@
#include <openssl/x509.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_RFC3779
/*
* OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
@ -736,7 +735,7 @@ int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
/*
* Validation error handling via callback.
*/
# define validation_err(_err_) \
#define validation_err(_err_) \
do { \
if (ctx != NULL) { \
ctx->error = _err_; \
@ -869,7 +868,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
return ret;
}
# undef validation_err
#undef validation_err
/*
* RFC 3779 3.3 path validation -- called from X509_verify_cert().
@ -894,5 +893,3 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
return 0;
return v3_asid_validate_path_internal(NULL, chain, ext);
}
#endif /* OPENSSL_NO_RFC3779 */

4
crypto/x509v3/v3_purp.c
View file

@ -322,10 +322,8 @@ int X509_supported_extension(X509_EXTENSION *ex)
NID_basic_constraints, /* 87 */
NID_certificate_policies, /* 89 */
NID_ext_key_usage, /* 126 */
#ifndef OPENSSL_NO_RFC3779
NID_sbgp_ipAddrBlock, /* 290 */
NID_sbgp_autonomousSysNum, /* 291 */
#endif
NID_policy_constraints, /* 401 */
NID_proxyCertInfo, /* 663 */
NID_name_constraints, /* 666 */
@ -508,11 +506,9 @@ static void x509v3_cache_extensions(X509 *x)
x->ex_flags |= EXFLAG_INVALID;
setup_crldp(x);
#ifndef OPENSSL_NO_RFC3779
x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
NULL, NULL);
#endif
for (i = 0; i < X509_get_ext_count(x); i++) {
ex = X509_get_ext(x, i);
if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))

28
crypto/x509v3/x509v3.h
View file

@ -758,14 +758,12 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
DECLARE_STACK_OF(X509_POLICY_NODE)
# ifndef OPENSSL_NO_RFC3779
typedef struct ASRange_st {
ASN1_INTEGER *min, *max;
} ASRange;
# define ASIdOrRange_id 0
# define ASIdOrRange_range 1
# define ASIdOrRange_id 0
# define ASIdOrRange_range 1
typedef struct ASIdOrRange_st {
int type;
@ -778,8 +776,8 @@ typedef struct ASIdOrRange_st {
typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
DECLARE_STACK_OF(ASIdOrRange)
# define ASIdentifierChoice_inherit 0
# define ASIdentifierChoice_asIdsOrRanges 1
# define ASIdentifierChoice_inherit 0
# define ASIdentifierChoice_asIdsOrRanges 1
typedef struct ASIdentifierChoice_st {
int type;
@ -802,8 +800,8 @@ typedef struct IPAddressRange_st {
ASN1_BIT_STRING *min, *max;
} IPAddressRange;
# define IPAddressOrRange_addressPrefix 0
# define IPAddressOrRange_addressRange 1
# define IPAddressOrRange_addressPrefix 0
# define IPAddressOrRange_addressRange 1
typedef struct IPAddressOrRange_st {
int type;
@ -816,8 +814,8 @@ typedef struct IPAddressOrRange_st {
typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
DECLARE_STACK_OF(IPAddressOrRange)
# define IPAddressChoice_inherit 0
# define IPAddressChoice_addressesOrRanges 1
# define IPAddressChoice_inherit 0
# define IPAddressChoice_addressesOrRanges 1
typedef struct IPAddressChoice_st {
int type;
@ -843,8 +841,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
/*
* API tag for elements of the ASIdentifer SEQUENCE.
*/
# define V3_ASID_ASNUM 0
# define V3_ASID_RDI 1
# define V3_ASID_ASNUM 0
# define V3_ASID_RDI 1
/*
* AFI values, assigned by IANA. It'd be nice to make the AFI
@ -852,8 +850,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
* that would need to be defined for other address families for it to
* be worth the trouble.
*/
# define IANA_AFI_IPV4 1
# define IANA_AFI_IPV6 2
# define IANA_AFI_IPV4 1
# define IANA_AFI_IPV6 2
/*
* Utilities to construct and extract values from RFC3779 extensions,
@ -902,8 +900,6 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
IPAddrBlocks *ext, int allow_inheritance);
# endif /* OPENSSL_NO_RFC3779 */
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes

7
makevms.com
View file

@ -250,9 +250,6 @@ $! For that reason, the list will also always end up in alphabetical order
$ CONFIG_LOGICALS := AES,-
ASM,INLINE_ASM,-
BF,-
BIO,-
BUFFER,-
BUF_FREELISTS,-
CAMELLIA,-
CAST,-
CMS,-
@ -289,7 +286,6 @@ $ CONFIG_LOGICALS := AES,-
RC2,-
RC4,-
RC5,-
RFC3779,-
RIPEMD,-
RSA,-
SEED,-
@ -306,8 +302,7 @@ $ CONFIG_LOGICALS := AES,-
STDIO,-
STORE,-
TLSEXT,-
WHIRLPOOL,-
X509
WHIRLPOOL
$! Add a few that we know about
$ CONFIG_LOGICALS := 'CONFIG_LOGICALS',-
THREADS

6
util/mkdef.pl
View file

@ -97,8 +97,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
# Engines
"STATIC_ENGINE", "ENGINE", "HW", "GMP",
# RFC3779
"RFC3779",
# TLS
"TLSEXT", "PSK", "SRP", "HEARTBEATS",
# CMS
@ -140,7 +138,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
my my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
my $no_unit_test; my $no_ssl3_method;
@ -231,7 +229,6 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-engine$/) { $no_engine=1; }
elsif (/^no-hw$/) { $no_hw=1; }
elsif (/^no-gmp$/) { $no_gmp=1; }
elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
elsif (/^no-tlsext$/) { $no_tlsext=1; }
elsif (/^no-cms$/) { $no_cms=1; }
elsif (/^no-ec2m$/) { $no_ec2m=1; }
@ -1209,7 +1206,6 @@ sub is_valid
if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
if ($keyword eq "GMP" && $no_gmp) { return 0; }
if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
if ($keyword eq "PSK" && $no_psk) { return 0; }
if ($keyword eq "CMS" && $no_cms) { return 0; }